package com.aaa.controller;

import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.access.prepost.PreFilter;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import java.util.List;

// prePostEnabled 前置注解
@RestController
@RequestMapping("p")
public class PrePostController {

    // 默认都可以访问
    @RequestMapping("/m1")
    public String m1() {
        return "m1";
    }

    // 在进入方法前判断权限
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @RequestMapping("/m2")
    public String m2() {
        System.out.println("m2");
        return "m2";
    }

    @PreAuthorize("hasAnyRole('ADMIN','ROLE_TEST')")
    @RequestMapping("/m3")
    public String m3() {
        System.out.println("m3");
        return "m3";
    }


    @PreAuthorize("hasAuthority('select')")
    @RequestMapping("/m4")
    public String m4() {
        System.out.println("m4");
        return "m4";
    }

    @PreAuthorize("hasAnyAuthority('select','add')")
    @RequestMapping("/m5")
    public String m5() {
        System.out.println("m5");
        return "m5";
    }

    // principal获取认证的主体对象
    @PreAuthorize("principal.username.equals('zs')")
    @RequestMapping("/m6")
    public String m6() {
        System.out.println("m6");
        return "m6";
    }

    // 方法执行完成后判断权限
    @PostAuthorize("principal.username.equals('zs')")
    @RequestMapping("/m7")
    public String m7() {
        System.out.println("m7");
        return "m7";
    }

    // 过滤参数
    // filterTarget:目标对象  value:判断条件
    @PreFilter(filterTarget = "a", value = "#a.get(0) == 1")
    @RequestMapping("/m8")
    public String m8(@RequestParam("a") List<Integer> a, @RequestParam("b") Integer b) {
        System.out.println(a);
        System.out.println("m8");
        return "m8";
    }

//    // 返回值:#获取参数值
//    @PostFilter("filterObject.salary == 100.00")
//    @RequestMapping("/m9")
//    public List<User> m9(Integer a) {
//        System.out.println("m9");
//        ArrayList<User> list = new ArrayList<>();
//        if(a==1){
//            list.add(new User(1,"aa",100.00));
//        }else{
//            list.add(new User(1,"aa",100.00));
//            list.add(new User(2,"vv",100.00));
//            list.add(new User(3,"dd",200.00));
//        }
//        return list;
//    }

}
